← Back to home

Privacy Policy for Refraction

Introduction

This Privacy Policy governs the collection, use, and disclosure of personal information by Refraction (the “Service”), operated by Jujube Studio, LLC (the “Company”). Refraction is an AI-powered health, fitness, and nutrition coaching platform that integrates with wearable devices, lab results, calendars, and other data sources to provide personalized, proactive guidance.

Information We Collect

We collect the following types of personal information:

  • Account Information: Name, email address, phone number, and authentication credentials.
  • Health and Fitness Data: Food logs, exercise data, recovery metrics, sleep data, lab results, health history, and personal health goals.
  • Third-Party Integration Data: Data synced from connected services such as wearable devices (e.g. Whoop, Garmin, Oura), fitness platforms (e.g. Strava), calendar services (e.g. Google Calendar), and electronic health records. This includes biometric data, activity logs, and scheduling information that you authorize us to access.
  • Device and Usage Data: Device type, time and duration of Service use.
  • Communications: Messages, feedback, and other communications between you and the Service, including conversations conducted via SMS, WhatsApp, Telegram, iMessage, web, and voice.

Use of Information

We use your personal information to:

  • Provide personalized health, fitness, and nutrition coaching.
  • Generate and adjust workout plans, nutrition recommendations, and recovery guidance.
  • Proactively surface insights, flag health concerns, and suggest actions based on your data.
  • Track your progress and provide feedback.
  • Respond to your inquiries and provide support.
  • Improve the accuracy and effectiveness of the Service through aggregate, de-identified analysis (see “What We Do Not Do” below for limitations).

What We Do Not Do

We commit to the following:

  • No selling or third-party marketing: We do not sell your personal data or share it for third-party marketing. We use service providers to operate coaching, as described in this policy. When data is sent to AI providers for coaching, personal identifiers are always removed first.
  • No advertising: We do not serve ads and do not share your data with advertisers or ad networks.
  • No model training on personal health data: Your personal health data is not used to train AI or machine learning models.
  • No research sharing without consent: If we share data with researchers or health companies, participation is voluntary, requires your explicit opt-in, and data is always de-identified.

AI Processing

Refraction uses third-party AI services to generate coaching recommendations. Before any information is sent to these services, we strip personal identifiers so that providers receive only de-identified health and fitness context. These providers are contractually prohibited from using your data to train their models.

We are building toward local-first processing where your health data never leaves your device. We'll be transparent as we get there.

Third-Party Integration Data

When you connect third-party services (wearable devices, fitness platforms, calendars, health records), we access only the data categories you authorize. This data is:

  • Stored under the same encryption and security protections as all other personal data.
  • Used solely for providing and improving your coaching experience.
  • Not shared with other third-party integrations.

If you disconnect a third-party integration, we stop syncing new data from that service. Historical data already collected is retained to preserve your coaching context and history until you delete your account. You may request deletion of data from a specific integration at any time by contacting us.

Data Retention & Deletion

We retain your personal information only while your account is active. When you delete your account:

  • All personal data — including account information, health and fitness data, integration data, communications, and usage data — is permanently deleted from our systems.
  • Deletion is processed immediately upon your request. There is no retention period after account deletion.
  • Before deleting your account, you may export all of your data in standard formats.

Data Portability & Control

You have full control over your data:

  • Export your complete data (coaching history, health records, communications, and all other personal data) in standard formats at any time.
  • Delete your account and all associated data through the application.
  • Access, review, and correct your personal information directly within the application.
  • Connect or disconnect third-party integrations at any time.
  • Withdraw consent for optional data uses (such as research participation) at any time without affecting your access to the Service.

Disclosure of Information

We may share personal information only with the following parties, and only as necessary:

  • AI service providers: Third-party AI services that process de-identified context to generate coaching recommendations. These providers receive no personally identifying information and are contractually prohibited from retaining or training on your data.
  • Infrastructure providers: Cloud hosting and data storage services that process data on our behalf, bound by data processing agreements that require them to protect your data and prohibit them from using it for their own purposes.
  • Legal obligations: Law enforcement agencies or government entities only when required by valid legal process (subpoena, court order, or applicable law).

We do not share your data with analytics services, marketing platforms, data brokers, or any other third parties.

Security

We implement robust security measures to protect your personal information:

  • Encryption at rest and in transit: All personal data is encrypted using industry-standard protocols both when stored and when transmitted between your device and our servers.
  • Firewalls and intrusion detection systems.
  • Regular security audits and vulnerability assessments.
  • Access controls that restrict employee access to personal data on a need-to-know basis.

Health Data Standards

Refraction processes sensitive health information including lab results, biometric data, and fitness records. Our security practices, access controls, and data handling procedures are designed to meet or exceed the standards set by the Health Insurance Portability and Accountability Act (HIPAA), even where not legally required. If we introduce direct integrations with healthcare providers or laboratory services, we will enter into Business Associate Agreements (BAAs) with all parties that process protected health information on our behalf.

User Rights

You have the following rights with respect to your personal information:

  • Right to access and review your personal information.
  • Right to correct inaccurate personal information.
  • Right to delete your personal information and account.
  • Right to export your personal information in a portable format.
  • Right to object to the processing of your personal information.
  • Right to withdraw consent for optional data uses at any time.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect and the right to opt out of the sale of personal information. We do not sell personal information for advertising or third-party marketing.

Contact Information

If you have any questions about this Privacy Policy, wish to exercise your data rights, or want to request deletion of data from a specific integration, please contact us at john@jujube.studio

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting a notice on our website, through the Service, or via your registered communication channel. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.

Last updated: March 4, 2026